Segmentation fault in FreeGC when XaceHook(XACE_RESOURCE_ACCESS) fails in CreateGC after NewGCObject
FreeGC segfaults when CreateGC takes the `goto out` path, because NewGCObject sets `pGC->funcs = 0;`
and FreeGC then executes
(*pGC->funcs->DestroyClip) (pGC);
which dereferences that NULL pointer, so the server dies.
gc.c
/*
 * Allocate and initialise a GC for pDrawable's screen and depth.
 *
 * On success returns the new GC with *pStatus == Success. On any failure
 * after allocation, stores the error in *pStatus, hands the partially built
 * GC to FreeGC() and returns NULL.
 */
GCPtr
CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus,
         XID gcid, ClientPtr client)
{
    GCPtr pGC;

    pGC = NewGCObject(pDrawable->pScreen, pDrawable->depth);
    if (!pGC) {
        *pStatus = BadAlloc;
        return (GCPtr) NULL;
    }

    pGC->serialNumber = GC_CHANGE_SERIAL_BIT;
    if (mask & GCForeground) {
        /*
         * magic special case -- ChangeGC checks for this condition
         * and snags the Foreground value to create a pseudo default-tile
         */
        pGC->tileIsPixel = FALSE;
    }
    else {
        pGC->tileIsPixel = TRUE;
    }

    /* security creation/labeling check */
    *pStatus = XaceHook(XACE_RESOURCE_ACCESS, client, gcid, RT_GC, pGC,
                        RT_NONE, NULL, DixCreateAccess | DixSetAttrAccess);
    /*
     * NOTE(review): this early exit is taken before the screen's CreateGC
     * hook below has run. Nothing in this function assigns pGC->funcs before
     * this point, and the NewGCObject excerpt quoted in this report leaves it
     * at 0, so the cleanup at "out" hands FreeGC() a GC whose funcs pointer
     * is still NULL.
     */
    if (*pStatus != Success)
        goto out;

    pGC->stateChanges = GCAllBits;
    if (!(*pGC->pScreen->CreateGC) (pGC))
        *pStatus = BadAlloc;
    else if (mask)
        *pStatus = ChangeGCXIDs(client, pGC, mask, pval);
    else
        *pStatus = Success;

 out:
    if (*pStatus != Success) {
        if (!pGC->tileIsPixel && !pGC->tile.pixmap)
            pGC->tileIsPixel = TRUE;    /* undo special case */
        /*
         * FreeGC() as quoted in this report calls through pGC->funcs without
         * a NULL check. A denied access check therefore ends in a server
         * abort (backtrace: CreateGC -> FreeGC) instead of an error returned
         * to the client.
         */
        FreeGC(pGC, (XID) 0);
        pGC = (GCPtr) NULL;
    }

    return pGC;
}
/*
 * Allocate a GC object for pScreen and set its first defaults.
 * Excerpt only: the report quotes just the start of this function.
 */
static GCPtr
NewGCObject(ScreenPtr pScreen, int depth)
{
    GCPtr pGC;

    pGC = dixAllocateScreenObjectWithPrivates(pScreen, GC, PRIVATE_GC);
    if (!pGC) {
        return (GCPtr) NULL;
    }

    pGC->pScreen = pScreen;
    pGC->depth = depth;
    pGC->alu = GXcopy;          /* dst <- src */
    pGC->planemask = ~0;
    pGC->serialNumber = 0;
    /*
     * The function table starts out NULL. NOTE(review): presumably the
     * screen's CreateGC hook installs it later -- not shown in this excerpt,
     * confirm. Any cleanup that runs before that must not call through funcs.
     */
    pGC->funcs = 0;
    /* ... remainder of NewGCObject not quoted in the report ... */
/**
 * does the diX part of freeing the characteristics in the GC.
 *
 * Current code as quoted by the reporter. It calls pGC->funcs->DestroyClip
 * and pGC->funcs->DestroyGC without checking pGC->funcs, so it faults when
 * handed a GC whose funcs pointer is still 0 (the CreateGC error path taken
 * when XaceHook fails).
 *
 * \param value must conform to DeleteType
 */
int
FreeGC(void *value, XID gid)
{
    GCPtr pGC = (GCPtr) value;

    CloseFont(pGC->font, (Font) 0);
    /*
     * First dereference of pGC->funcs. NOTE(review): the fault address 0x28
     * in the log below would be consistent with reading a member at a small
     * offset from a NULL funcs pointer -- the offset cannot be verified from
     * this page.
     */
    (*pGC->funcs->DestroyClip) (pGC);

    if (!pGC->tileIsPixel)
        (*pGC->pScreen->DestroyPixmap) (pGC->tile.pixmap);
    if (pGC->stipple)
        (*pGC->pScreen->DestroyPixmap) (pGC->stipple);

    /* Second unchecked call through pGC->funcs. */
    (*pGC->funcs->DestroyGC) (pGC);
    /* The dash list is freed only when it is not the shared DefaultDash. */
    if (pGC->dash != DefaultDash)
        free(pGC->dash);
    dixFreeObjectWithPrivates(pGC, PRIVATE_GC);
    return Success;
}
A possible fix: check pGC->funcs in FreeGC before calling through it:
/**
 * does the diX part of freeing the characteristics in the GC.
 *
 * Proposed variant: the DestroyClip and DestroyGC callbacks are invoked only
 * when pGC->funcs and the respective member are non-NULL, so a GC whose
 * function table was never installed can still be torn down. The font,
 * tile/stipple pixmaps, dash list and the object itself are released exactly
 * as before.
 *
 * \param value must conform to DeleteType
 */
int
FreeGC(void *value, XID gid)
{
    GCPtr pGC = (GCPtr) value;

    CloseFont(pGC->font, (Font) 0);

    /* funcs may still be NULL if GC creation failed early. */
    if (pGC->funcs != NULL && pGC->funcs->DestroyClip != NULL) {
        pGC->funcs->DestroyClip(pGC);
    }

    if (!pGC->tileIsPixel) {
        pGC->pScreen->DestroyPixmap(pGC->tile.pixmap);
    }
    if (pGC->stipple) {
        pGC->pScreen->DestroyPixmap(pGC->stipple);
    }

    if (pGC->funcs != NULL && pGC->funcs->DestroyGC != NULL) {
        pGC->funcs->DestroyGC(pGC);
    }

    /* The dash list is freed only when it is not the shared DefaultDash. */
    if (pGC->dash != DefaultDash) {
        free(pGC->dash);
    }

    dixFreeObjectWithPrivates(pGC, PRIVATE_GC);
    return Success;
}
This happens when an SELinux check fails (Xorg log below):
[ 73.664] SELinux: a compute_create call failed!
[ 73.664] (EE)
[ 73.664] (EE) Backtrace:
[ 73.664] (EE) 0: /usr/libexec/Xorg (xorg_backtrace+0x7d) [0x5564b77b858d]
[ 73.664] (EE) 1: /usr/libexec/Xorg (0x5564b7600000+0x1bc34d) [0x5564b77bc34d]
[ 73.664] (EE) 2: /lib64/libpthread.so.0 (0x7f83de036000+0x12b30) [0x7f83de048b30]
[ 73.664] (EE) 3: /usr/libexec/Xorg (FreeGC+0x1a) [0x5564b76705aa]
[ 73.664] (EE) 4: /usr/libexec/Xorg (CreateGC+0xb8) [0x5564b76716a8]
[ 73.664] (EE) 5: /usr/libexec/Xorg (0x5564b7600000+0x57671) [0x5564b7657671]
[ 73.664] (EE) 6: /usr/libexec/Xorg (0x5564b7600000+0x5c32e) [0x5564b765c32e]
[ 73.664] (EE) 7: /usr/libexec/Xorg (0x5564b7600000+0x603d6) [0x5564b76603d6]
[ 73.664] (EE) 8: /lib64/libc.so.6 (__libc_start_main+0xf3) [0x7f83ddc967c3]
[ 73.664] (EE) 9: /usr/libexec/Xorg (_start+0x2e) [0x5564b7649d7e]
[ 73.664] (EE)
[ 73.664] (EE) Segmentation fault at address 0x28
[ 73.664] (EE)
Fatal server error:
[ 73.664] (EE) Caught signal 11 (Segmentation fault). Server aborting
[ 73.664] (EE)
[ 73.664] (EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
[ 73.664] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[ 73.664] (EE)
[ 73.681] (EE) Server terminated with error (1). Closing log file.
Edited by kiraskyler